Coda File System


11. System Administration: Users

11.1 Adding users

There are several steps in adding a new user to the Coda file system. First, create a Unix account for the new user on some or all of the Coda clients. Second, add the user to the Coda authentication database and the protection database (described below). Third, create a volume for the user and mount it at the appropriate place in the Coda name space (see Section XXX).

Constructing new protection database files

Add a line for each new user to the user.coda file, using the userId from the new user's Unix account. (If you are at Carnegie Mellon and the user you intend to add does not have a CMU-CS account, STOP! The user must get a CMU-CS account before you may continue. To determine the UID, grep for the login name in /etc/passwds.) You may copy the user's entry in /etc/passwds to the user.coda file for this purpose if you wish. Note that only the login name (the first field) and the uid (the third field) are relevant, and that you may delete the other fields as long as you leave all the ":" characters intact.

Now, add the user's name to the appropriate group in the file groups.coda. Note that Coda groups are totally separate from Unix groups. Adding a user to the group System:Administrators is roughly equivalent to giving that user root privileges. Only System Administrators should be in this group. As an example, we add all Coda developers (hard and soft core) to the system:coda group. Add other Coda users to groups as appropriate.

Execute

% pwd2pdb -u /vice/db/user.coda -g /vice/db/group.coda > /vice/db/vice.pdb

to generate a Coda protection database.

Finally, execute pcfgen /vice/db/vice.pdb to generate the file vice.pcf.
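
The user.coda rules above (only the login name and uid matter, every ":" stays) can be checked mechanically before pwd2pdb is run. The shell functions below are an added example, not part of the Coda distribution; the function names, the sample uid, and the rule that a repeated login or uid is an error are assumptions. Blanking the unused fields also keeps the passwd entry's password field out of /vice/db.

```sh
#!/bin/sh
# Added example, not part of the Coda distribution.

# Reduce passwd-format lines on stdin to user.coda entries: keep the login
# name (field 1) and uid (field 3), blank the other fields, and keep all six
# ":" separators. Malformed lines go to stderr and make the function fail.
passwd_to_user_coda() {
    awk -F: '
        function err(msg) { print "line " NR ": " msg | "cat 1>&2"; bad = 1 }
        NF != 7 { err("expected 7 fields, got " NF); next }
        $1 == "" || $3 !~ /^[0-9]+$/ { err("empty login or non-numeric uid"); next }
        { printf "%s::%s::::\n", $1, $3 }
        END { exit bad + 0 }
    '
}

# Check a user.coda file before running pwd2pdb. Assumption: a login name or
# uid that appears twice is an error. Prints one line per problem and
# returns non-zero if any were found.
check_user_coda() {
    awk -F: '
        NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ {
            printf "%s:%d: malformed entry\n", FILENAME, NR; bad = 1; next
        }
        ($1 in names) { printf "%s:%d: duplicate login %s\n", FILENAME, NR, $1; bad = 1 }
        ($3 in uids) {
            printf "%s:%d: uid %s already used by %s\n", FILENAME, NR, $3, uids[$3]; bad = 1
        }
        { names[$1] = 1; uids[$3] = $1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input (uid, gid and paths are made up).
printf '%s\n' 'guest:x:1234:100:Guest User:/home/guest:/bin/sh' | passwd_to_user_coda
```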

Installing the protection database files

Now that you have generated the new protection database files, you must install these files. Follow these steps:

  1. Log in to the SCM.
  2. cd /vice/db
  3. /vice/bin/mvdb <srcdir> vice.pdb vice.pcf, where <srcdir> is the name of the directory containing the new vice.pdb and vice.pcf.

Modifying the authentication database

User accounts are added to the authentication database with the au program, which can also delete and modify user accounts, change passwords, and get tokens. To add a user, run au -h <SCM> nu on a Coda client workstation, giving the System Control Machine's name in <SCM>.

In response to the prompts, provide your Coda userId and password and then the new user's name and temporary password. (Give the new user's full name to the "Other info" prompt.) You must be a member of the system:administrators group in order to successfully modify the authentication database. The following example illustrates adding the user "guest" to the authentication database. Note that the new password will echo to the screen.


au -h your-scm.host nu
Your Vice name: raiff
Your password:
RPC2_Bind() --> RPC2_SUCCESS
Vice user: guest
New password: guestpwd
New info: Guest User

Updates made via au will be automatically distributed to the other servers by the Update daemon. Now, the auth server knows about the new users. New users may change their temporary passwords using the cpasswd command.

11.2 Monitoring Auth Server Activity

The file /vice/auth2/AuthLog has a log of the auth server activity and can be used to monitor failed login attempts. You can also monitor password changes in the file /vice/db/auth2.pw .

